Cybersecurity survey 2015

Increase your business security and resilience

Effective cybersecurity requires more than being secure. Organizations must also be vigilant and resilient, monitoring the threat landscape and meticulously planning response and recovery activities well before their systems are attacked. As cyber attackers become more sophisticated, the number of attacks increase and high-profile breaches continue to show how devastating cyber incidents can be to both finances and reputation, businesses need to realize it's not a question of 'if' they'll be attacked but 'when'.

Deloitte's 2015 Cybersecurity Survey shows many organizations in Canada aren't as aware of the threats evolving and multiplying on the cyber horizon as they should be. Perhaps it's because they feel prepared: of 60 percent of organizations that said they hadn't experienced a cyberattack in the last 24 months, for example, the vast majority (90 percent) reported they felt protected.

In our survey, we asked IT leaders at major organizations in key sectors across the country how prepared they are in three key areas of a balanced cybersecurity posture: being secure, vigilant and resilient. Only nine of the organizations that responded to our survey are well-prepared and performing at a high level in all three categories.

The good news is that it's never too late to improve your ability to detect, prevent and respond to cyber threats. Our report looks at the challenges and solutions to maturing your cybersecurity position, and shows how high-performing organizations are getting it right. Fill out the form to get your copy of Navigating a harsh cybersecurity landscape.

Ward off a siege with MSSPs

Organizations increasingly "don't know what they don't know", unaware of the many forms that cyber threats can take. Working with a managed security service provider (MSSP), which offers a specialized "watcher in the tower" capability that provides 24/7 security monitoring and proactive threat management, can bolster an organization's overall level of security.

Shield yourself by gathering and using threat intelligence

Volumes of up-to-the-minute information are readily available that enable organizations to understand what cyber criminals' capabilities and activities are, where their own weaknesses lie and how their peers are responding to threats. Many leaders aren't tapping into this rich source of cyber threat intelligence (CTI), and that puts their organization and its critical data assets at risk.

Implementing a formal process for gathering and sharing CTI with peer organizations in your industry or market can provide insight about attacks, security tools and defence techniques to mutual advantage. It will help you make informed decisions regarding your cyber defences and increase your threat-detection capabilities.

Test your defences to strengthen them

Canadian organizations generally still respond to and manage cyber incidents from a reactive stance. To counter attacks from a position of strength, organizations can better prepare themselves to respond by establishing and testing documented incident procedures, with a particular focus on incident planning. Since gaps in readiness often lie in process shortfalls rather than technical capabilities, determining the roles, responsibilities, communications and escalation procedures is necessary to be able to respond effectively to cyber incidents.

"Just 50% have documented incident procedures that they follow and test."

Advance with confidence

As the competitive landscape continues to rapidly evolve, organizations that fail to develop a robust cybersecurity position may struggle more to defend their critical data assets than their business rivals. To best prepare for 'when' - not 'if' - they experience a cyberattack, Canadian organizations need to boost their cybersecurity by ensuring their systems are secure, vigilant and resilient. This requires an ability to transform business processes, to select the right technology solutions coupled with effective procedures and skills, and to weave it all together effectively and strategically-to evolve, just as the threats are evolving.

Complete the form to read the full report, Navigating a harsh cybersecurity landscape and learn how your organization can become highly secure, vigilant, and resilient.

Meet our leaders

Global & Canada Cyber Risk Leader

Nick Galletto is the Global and Canada Cyber Risk Services leader. He has 30 years of experience in information technology, networking, systems management and information security management. He has a... More

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.